II. AMENDMENTS TO THE CLAIMS 

Please amend the claims as follows: 

1. (Currently Amended) A system for detecting fraudulent transactions, comprising: 

an interface for inputting transaction data and outputting analysis results; and 

a tamper-resistant secure data processing unit (SDPU), wherein the SDPU includes: 

a security system that can restrict access to data and program execution; 

an analysis system for analyzing inputted transactions; 

a plurality of surveillance algorithms stored in an encrypted database wherein the 
plurality of surveillance algorithms make a determination regarding a probability that 
inputted transactions are fraudulent ; and 

a selection program for selecting at each of a sequence of random times a 
different surveillance algorithm to be used by the analysis system. 

2. (Original) The system of claim 1, wherein the SDPU fiirther includes an algorithm 
performance system that assists the selection program in selecting surveillance algorithms. 

3. (Previously Presented) The system of claim 1, wherein the selection program includes a 
random selection program for selecting surveillance algorithms. 

4. (Canceled) 

5. (Original) The system of claim 1, wherein the security system includes an encryption system 
for encrypting and decrypting data. 
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6. (Previously Presented) A method for detecting fraudulent transactions, comprising: 

providing an interface for inputting transaction data and receiving analysis results; 

providing a secure data processing unit (SDPU) that provides a secret and tamper- 
resistant computing environment, wherein the SDPU can restrict access to data and program 
execution; 

providing a plurality of surveillance algorithms stored in an encrypted database; 
analyzing inputted transactions for fraud with a surveillance algorithm within the SDPU; 

and 

selecting a different surveillance algorithm from the plurality of surveillance algorithms 
for analyzing ftiture inputted transactions. 

7. (Original) The method of claim 6, wherein the step of selecting a different surveillance 
algorithm utilizes a random selection process. 

8. (Original) The method of claim 7, comprising the fiirther steps of 

measuring algorithm performance; and 

using the measured performance in selecting surveillance algorithms. 

9. (Currently Amended) The method of claim 8, comprising the further steps of: 

measuring a randomness of the algorithm selection process using a technique selected 
from the group consisting of correlation and entropy measures; and 
issuing an alert [[is]] if the randomness goes under a predetermined threshold. 
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10. (Original) The method of claim 6, wherein the SDPU prevents observation of which 
surveillance algorithm is selected. 

1 1 . (Original) The method of claim 6, including the further step of decrypting the selected 
surveillance algorithm. 

12. (Withdrawn) A confederated fraud detection system, comprising: 

an interface for inputting fransaction data; and 

a secure data processing unit (SDPU) that provides a secret and tamper-proof computing 
environment, wherein the SDPU includes: 

a security system that can restrict access to data and program execution; 

a consolidated database for storing encrypted data from a plurality of members; 

a consolidation system for securely importing encrypted data from each of the 
plurality of members; and 

at least one data analysis tool for analyzing the consolidated database. 

13. (Withdrawn) The confederated fraud detection system of claim 12, fiirther comprising a set 
of data access rules that determines access criteria to data stored in the consolidated database. 

14. (Withdrawn) The confederated fraud detection system of claim 12, further comprising a 
secure data communication channel through which data fraffic can remain secret. 
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15. (Withdrawn) The confederated fraud detection system of claim 12, further comprising an 
encryption system for decrypting imported data, wherein the encryption system includes a 
system for protecting encryption keys. 

16. (Withdrawn) The confederated fraud detection system of claim 12, further comprising an 
analysis system for analyzing inputted transactions, wherein the interface allows for securely 
inputting transaction data to be analyzed and for securely outputting analysis results. 

17. (Withdrawn) The confederated fraud detection system of claim 16, wherein the analysis 
system utilizes a probabilistic sampling method wherein an acceptance probability is 
proportional to a measure of fraud cost of the analyzed transaction. 

18. (Withdrawn) The confederated fraud detection system of claim 17, wherein the data set 
needed to implement the probabilistic sampling method is small enough to fit in a memory space 
of a secure processor. 

19. (Withdrawn) The confederated fraud detection system of claim 12, wherein the at least one 
data analysis tool includes a system for building models. 

20. (Withdrawn) The confederated fraud detection system of claim 12, further comprising a 
battery of secure processors capable of providing a set of ftinctions that are deemed to require 
high security, high confidentiality, or high privacy. 



10/690,778 



5 



21 . (Withdrawn) A method for implementing a fraud detection service, comprising: 

providing a member based fraud detection service; 

securely fransferring data to a confederated fraud detection system from a member such 
that the data is maintained as confidential; 

storing the data in an encrypted form in a consolidated database along with data from 
other members; 

using the data in the consolidated database to facilitate fraud detection; and 
performing fraud detection on at least one fransaction in a secure manner that is 
confidential with regard to the other members. 

22. (Withdrawn) The method of claim 21, wherein the data is fransferred to the fraud detection 
service in an encrypted form. 

23. (Withdrawn) The method of claim 22, wherein the data fransferred to the fraud detection 
service is decrypted by the fraud detection service, verified for accuracy, and approved for 
storage. 

24. (Withdrawn) The method of claim 21, wherein each member has the option of allowing their 
data to be used in conjunction wdth data from other members for a purpose selected from the 
group consisting of: constructing a model and performing fraud detection. 

25. (Withdrawn) The method of claim 21, fiirther comprising providing a secret surveillance 
service to the members, wherein the service includes: 
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providing a model comprising a library of surveillance programs; and 
running different surveillance programs at different times so that an outside party cannot 
detect which surveillance program is running. 

26. (Withdrawn) The method of claim 21, further comprising providing a data processing 
service to the members, wherein the service includes: 

providing data consolidation services; 
providing model construction services; and 
providing transaction analysis services. 

27. (Withdrawn) The method of claim 21, wherein the confederated fraud detection system 
comprises a data management system that is programmable, tamper resistant, tamper sensitive, 
tamper reactive and tamper evident. 

28. (Withdrawn) The method of claim 21, comprising the ftirther step of causing random data to 
be received by the fraud detection service in order to ensure that secrecy is not lost to a third 
party observing traffic to the fraud detection service. 

29. (Withdrawn) The method of claim 21, wherein an iterative selective sampling method for 

selecting subsets of analysis data is employed by the fraud detection service in performing fraud 
detection so that the analysis data used in each iteration of fraud detection is small enough to be 
stored in the memory of a secure processor. 
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30. (Withdrawn) The method of claim 29, wherein the iterative selective sampling method 
includes a probabilistic sampling method with acceptance probability proportionate to a measure 
of fraud cost of each fransaction record. 

31. (Withdrawn) The method of claim 21, wherein the fraud detection service includes a system 
for reconstructing activity networks among participating members to identify suspicious patterns. 

32. (Withdrawn) The method of claim 21, wherein confidentiality of the data is confroUed by 
rules established within a rules engine. 

33. (Withdrawn) The method of claim 21, wherein the fraud detection service includes audit 
capabilities for replicating analysis activities performed by the fraud detection service. 

34. (Withdrawn) The method of claim 33, wherein the audit capabilities include a system for 
maintaining secrecy of which algorithms were used during the analysis activities. 

35. (Withdrawn) A distributed fraud detection system, comprising: 

a plurality of secure data processing unit (SDPU) distributed among a set of members, 
wherein each SDPU provides a secret and tamper-proof computing environment for the member, 
and wherein the SDPU includes: 

a secure database for storing member data; 

a security system that can restrict access to member data; and 
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a secure communication system for securely transferring member data to and from each 
of the plurality of members in a secure and confidential manner. 

36. (Withdrawn) The distributed fraud detection system of claim 35, wherein at least one of the 
SDPUs includes a data analysis tool for analyzing data distributed among the members in order 
to build a model for detecting fraud. 

37. (Withdrawn) The distributed fraud detection system of claim 35, wherein at least one of the 
SDPUs includes a transaction analysis tool for analyzing an inputted transaction for fraud by 
collecting data distributed among the members. 
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